In the Claims 

1 . (Currently Amended) A computerized method of establishing a secure wireless 
communications channel between an access point and a station, the channel being 
encrypted with a channel key, the method comprising: 

sending, by the station to the access point through a setup connection, a request 
for a security preference for the access point; 

sending, by the access point to the station through the setup connection, the 
security preference in response to the request when the access point can support the 
channe l wherein the security preference specifies one authentication protocol from a set 
of authentication protocols supported by the access point : 

generating, by the station, authentication information using a first key when the 
security preference is shared key; 

sending, by the station to the access point through the setup connection, the 
authentication information; 

validating, by the access point, the station using the authentication information; 

encrypting, by the access point, the channel key using a second key; 

sending, by the access point to the station through the setup connection, the 
encrypted channel key; 

decrypting, by the station, the channel key in response to receiving the encrypted 
channel key; and 

sending, by the station to the access point, data encrypted with the channel key to 
establish the channel. 

2. (Original) The method of claim 1, wherein the first and second keys are a self- 
distributed key. 

3. (Original) The method of claim 2, further comprising: 

generating, by the access point, the self-distributed key using a security algorithm 
when the security preference is shared key; 
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generating, by the station and sending to the access point, a first value using the 
security algorithm in response to receiving the security preference of shared key; 

generating, by the access point, and sending to the station, a second value using 
the security algorithm and the first value in response to receiving the first value; and 

calculating, by the station, the self-distributed key using the security algorithm 
and the second value in response to receiving the second value. 

4. (Original) The method of claim 3, wherein the security algorithm is mod p and 
further comprising: 

obtaining, by the access point, integers jc, g and p to generate the self-distributed 
key k-g^ mod p\ 

obtaining, by the station, the integers g and p, and an integer >^ to generate the first 
value Y-^mod p\ 

generating, by the access point, the second value ^= mod p\ and 
setting, by the station, z equal to to calculate the self-distributed key 

k = )C mod p. 

5. (Original) The method of claim 4 wherein obtaining, by the station, the integers g and 
p comprises: 

sending, by the access point to the station, the integers for g and p, 

6. (Original) The method of claim 5, wherein the integers for g and p are sent to the 
station when the security preferences are sent by the access point. 

7. (Original) The method of claim 5, wherein the integers for g and p are sent to the 
station when a user name and password for the station are registered with the access 
point. 

8. (Original) The method of claim 4 further comprising: 

publishing, by the access point, the integers g and p for a set of stations. 
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9. (Original) The method of claim 2 further comprising: 

encrypting, by the station, a name and password with the first key to generate the 
authentication information; and 

decrypting, by the access point, the name and password to validate the station. 

10. (Original) The method of claim 2 further comprising: 

sending, by the access point to the station, a challenge; 

encrypting, by the station, the challenge with the first key to generate the 
authentication information; 

encrypting, by the access point, the challenge with the first key; and 

comparing, by the access point, the authentication information with the challenge 
encrypted by the access point with the first key to validate the station. 

11. (Original) The method of claim 1, wherein the first key is a public key of a public- 
private key pair for the access point, and the second key is a public key of a pubhc- 
private key pair for the station. 

12. (Original) The method of claim 1 1 further comprising: 

sending, by the access point to the station, the first key; and. 
sending, by the station to the access point, the second key. 

13. (Original) The method of claim 12, wherein the second key is sent to the access point 
when the request for the security preference is sent by the station. 

14. (Original) The method of claim 12, wherein the first key is sent to the station when 
the security preference is sent by the access point. 

15. (Original) The method of claim 1, wherein establishing the channel creates a standard 
wired equivalent privacy (WEP) network, and the station and the access point exchange 
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messages conforming to a format required by the standard that defines a WEP network to 
establish the WEP network. 

16. (Currently Amended) A computerized method for connecting a station to a secure 
wireless network comprising: 

sending a request for a security preference through a setup connection to an 
access point for the secure wireless network , wherein the security preference specifies 
one authentication protocol from a set of authentication protocols supported by the access 
point ; 

generating authentication information for the station when the station receives a 
security preference specifying shared key from the access point through the setup 
connection; 

sending the authentication information to the access point through the setup 
connection; 

decrypting a channel key in response to receiving an encrypted channel key from 
the access point through the setup connection; and 

sending data encrypted with the channel key to the access point, wherein 
exchanging data encrypted with the channel key establishes a secure channel in the 
network. 

17. (Original) The method of claim 16 further comprising: 

generating a first value using a security algorithm in response to receiving the 
security preference specifying shared key from the access point; 

calculating a self-distributed key using the security algorithm and a second value 
in response to receiving the second value from the access point; and 

using the self-distributed key to generate the authentication information and to 
decrypt the encrypted channel key. 

18. (Original) The method of claim 17, wherein the security algorithm is formulated as 
mod p and further comprising: 
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obtaining integers for j^, g and p to generate the first value Y = ^ mod p\ and 
setting z equal to to calculate the self-distributed key k = )C mod p, 

19. (Original) The method of claim 16 further comprising: 

using a first key to generate the authentication information; and 
using a second key to decrypt the encrypted channel key. 

20. (Original) The method of claim 19, wherein the first key is a public key of a public- 
private key pair for the access point, and the second key is a private key of a public- 
private key pair for the station. 

21. (Currently Amended) A computerized method of securing a wireless network at an 
access point comprising: 

sending a security preference through a setup connection in response to a request 
from a station , wherein the security preference specifies one authentication protocol from 
a set of authentication protocols supported by the access point : 

validating the station in response to receiving authentication information fi'om the 
station through the setup connection; 

encrypting a channel key when the station is validated; 

sending the encrypted channel key to the station through the setup connection; 

and 

sending data encrypted with the channel key to the station, wherein exchanging 
data encrypted with the channel key establishes a secure channel in the network. 

22. (Original) The method of claim 21 fiirther comprising: 

generating a self-distributed key using a security algorithm when the security 
preference is shared key; 

generating a second value using the security algorithm and a first value in 
response to receiving the first value from the station; and 

sending the second value to the station. 
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23. (Original) The method of claim 22, wherein the security algorithm is formulated as g 
mod p and further comprising: 

obtaining integers x, g and p to generate the self-distributed key g"^ mod p\ and 
generating the second value A'^ mod p, 

24. (Original) The method of claim 21 further comprising: 

using a first key to evaluate the authentication information; and 
using a second key to encrypt the encrypted channel key. 

25. (Original) The method of claim 24, wherein the first key is a private key of a public- 
private key pair for the access point, and the second key is a public key of a public- 
private key pair for the station. 

26. (Currently Amended) A computer-readable medium having stored thereon executable 
instructions to cause a processor to perform a station method to connect to a secure 
wireless network, the instructions comprising: 

sending a request for a security preference through a setup connection to an 
access point for the secure wireless network , wherein the security preference specifies 
one authentication protocol from a set of authentication protocols supported by the access 
point : 

generating authentication information for the station when the station receives a 
security preference specifying shared key from the access point through the setup 
connection; 

sending the authentication information to the access point through the setup 
connection; 

decrypting a channel key in response to receiving an encrypted channel key from 
the access point through the setup connection; and 



09/659,864 



-7- 



4860.P2436 



sending data encrypted with the channel key to the access point, wherein 
exchanging data encrypted with the channel key establishes a secure channel in the 
network. 

27. (Original) The computer-readable medium of claim 26 having further instructions 
comprising: 

generating a first value using a security algorithm in response to receiving the 
security preference specifying shared key from the access point; 

calculating a self-distributed key using the security algorithm and a second value 
in response to receiving the second value from the access point; and 

using the self-distributed key to generate the authentication information and to 
decrypt the encrypted channel key. 

28. (Original) The computer-readable medium of claim 27, wherein the security 
algorithm is formulated as ^ mod p and having fiirther instructions comprising: 

obtaining integers y, g and p to generate the first value Y = g^ mod p; and 
setting z equal to y'^ to calculate the self-distributed key k = J(^ mod p. 

29. (Original) The computer-readable medium of claim 26 having further instructions 
comprising: 

using a first key to generate the authentication information; and 
using a second key to decrypt the encrypted channel key. 

30. (Original) The computer-readable medium of claim 29, wherein the first key is a 
public key of a public-private key pair for the access point, and the second key is a 
private key of a public-private key pair for the station. 

31. (Currently Amended) A computer-readable medium having stored thereon executable 
instruction to cause a processor to perform an access point method to secure a wireless 
network, the instructions comprising: 
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sending a security preference through a setup connection in response to a request 
from a station , wherein the security preference specifies one authentication protocol from 
a set of authentication protocols supported by the access point ; 

validating the station in response to receiving authentication information from the 
station through the setup connection; 

encrypting a channel key when the station is validated; 

sending the encrypted channel key to the station through the setup connection; 

and 

sending data encrypted with the channel key to the station, wherein exchanging 
data encrypted with the channel key establishes a secure channel in the network. 

32. (Original) The computer-readable medium of claim 31 having further instructions 
comprising: 

generating a self-distributed key using a security algorithm when the security 
preference is shared key; 

generating a second value using the security algorithm and a first value in 
response to receiving the first value from the station; and 

sending the second value to the station. 

33. (Original) The computer-readable medium of claim 32, wherein the security 
algorithm is formulated as g" mod p and having further instructions comprising: 

obtaining integers x, g and p to generate the self-distributed key k = g"" mod p\ and 
generating the second value X=T mod p, 

34. (Original) The computer-readable medium of claim 31 having fiirther instructions 
comprising: 

using a first key to evaluate the authentication information; and 
using a second key to encrypt the encrypted channel key. 
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35. (Original) The computer-readable medium of claim 34, wherein the first key is a 
private key of a public-private key pair for the access point, and the second key is a 
public key of a public-private key pair for the station. 

36. (Original) A secure wireless network comprising: 

an access point operable for receiving a connection request from a station through 
a setup connection, for sending a security preference that specifies one authentication 
protocol from a set of authentication protocols supported by the access point, for 
validating authentication information sent by the station, and for connecting the station to 
the network through a channel secured with a shared channel key; and 

a station operable for sending the connection request to the access point, and for 
generating the authentication information to send to the access point. 

37. (Previously Presented) The secure wireless network of claim 36, wherein the access 
point is further operable for sending a security preference specifying shared key to the 
station upon receiving the connection request, and the station is operable for sending the 
authentication information to the access point upon receiving a security preference 
specifying shared key. 

38. (Original) The secure wireless network of claim 37, wherein the access point is 
further operable for encrypting the shared channel key using a self-distributed key for 
sending to the station and the station is further operable for decrypting the shared channel 
key upon receipt. 

39. (Original) The secure wireless network of claim 38, wherein the station and the 
access point are further operable for calculating the self-distributed key by exchanging 
messages in accordance with the Hughes transmission protocol. 

40. (Original) The secure wireless network of claim 36, wherein the station is further 
operable for using a first key to generate the authentication information and for using a 
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second key to decrypt an encrypted shared channel key received from the access point, 
and the access point is further operable for using a third key to evaluate the authentication 
information and for using a fourth key to encrypt the shared channel key for sending to 
the station. 

41. (Original) The secure wireless network of claim 40, wherein the first and third keys 
are public and private keys, respectively, for the access point, and the second and fourth 
keys are private and public keys, respectively, for the station. 

42. (Currently Amended) A computer-readable medium having stored thereon a message 
data structure for a secure wireless network comprising: 

a station address field containing data representing an identifier for a station that 
exchanges messages with an access point on the secure wireless network; 

a transaction sequence number field containing data representing a sequence 
number for a message exchanged between the station identified by the station address 
field and the access point; 

an authentication algorithm field containing data representing an idenfifier for a 
one authentication p rotocol firom a set of authentication protocols supported by the access 
point, the one authentication protocol used by the access point to validate the stafion 
identified by the station address field based on a name and password for the station; and 

a dependent information field containing data required to connect the station 
identified by the station address field to the secure wireless network. 

43. (Original) The computer-readable medium of claim 42, wherein the data in the 
dependent information field represents key information for encrypting the name and 
password for the station identified by the station address field. 

44. (Original) The computer-readable medium of claim 42, wherein the data in the 
dependent information field represents an encrypted name and password for the station 
idenfified by the station address field. 
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45. (Original) The computer-readable medium of claim 42, wherein the data in the 
dependent information field represents an encrypted channel key used to connect the 
station identified by the station address field to the secure wireless network. 

46. (Currently Amended) An apparatus comprising: 

a means for accessing a wireless network, the means for accessing operable for 
receiving a connection request from a means for messaging through a setup connection, 
for sending a security preference that specifies one authentication protocol from a set of 
authentication protocols supported by the means for access, for validadng authentication 
information sent by the means for messaging, and for connecting the means for 
messaging to the wireless network through a channel secured with a shared channel key; 
and 

a means for messaging operable for sending the connection request to the means 
for accessing, and for generating the authentication information to send to the means for 
accessing. 

47. (Previously Presented) The apparatus of claim 46, wherein the means for accessing is 
further operable for sending a security preference specifying shared key to the means for 
messaging upon receiving the connection request, and the means for messaging is further 
operable for sending the authentication information to the means for accessing upon 
receiving a security preference specifying shared key. 

48. (Previously Presented) The apparatus of claim 47, wherein the means for accessing is 
further operable for encrypting the shared channel key using a self-distributed key for 
sending to the means for messaging and the means for messaging is further operable for 
decrypting the shared channel key upon receipt. 
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49. (Previously Presented) The apparatus of claim 48, wherein the means for accessing 
and the means for messaging are further operable for calculating the self-distributed key 
by exchanging messages in accordance with the Hughes transmission protocol. 

50. (Previously Presented) The apparatus of claim 46, wherein the means for messaging 
is further operable for using a first key to generate the authentication information and for 
using a second key to decrypt an encrypted shared channel key received from the means 
for accessing, and the means for accessing is further operable for using a third key to 
evaluate the authentication information and for using a fourth key to encrypt the shared 
channel key for sending to the means for messaging. 

51. (Previously Presented) The apparatus of claim 50, wherein the first and third keys are 
public and private keys, respectively, for the means for accessing, and the second and 
fourth keys are private and public keys, respectively, for the means for messaging. 
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